aws / aws-toolkit-azure-devops

AWS Toolkit for Azure DevOps

Elastic Beanstalk #65

Open aryameenakshi5 opened 6 years ago

aryameenakshi5 commented 6 years ago

I was trying to deploy my app to Beanstalk but I am getting this error.

```
2018-02-21T05:49:22.5321888Z ##[section]Starting: Deploy to Elastic Beanstalk: vsts
2018-02-21T05:49:22.5325662Z ==============================================================================
2018-02-21T05:49:22.5325957Z Task : AWS Elastic Beanstalk Deploy Application
2018-02-21T05:49:22.5326257Z Description : Deploys an application to Amazon EC2 instance(s) using AWS Elastic Beanstalk
2018-02-21T05:49:22.5326509Z Version : 1.0.20
2018-02-21T05:49:22.5326887Z Author : Amazon Web Services
2018-02-21T05:49:22.5327258Z Help : Please refer to AWS Elastic Beanstalk User Guide for more details on deploying applications with AWS Elastic Beanstalk.
2018-02-21T05:49:22.5327629Z ==============================================================================
2018-02-21T05:49:23.0124021Z 698b99eb-678e-49f8-9588-6e2ad2b08389 exists true
2018-02-21T05:49:23.0130606Z Configuring task to use role-based credentials.
2018-02-21T05:49:23.0150110Z Deployment type set to aspnet
2018-02-21T05:49:24.3141877Z DescribeApplications: error vsts returned querying for existence of application CredentialsError: Missing credentials in config
2018-02-21T05:49:24.3146559Z ##[error]Error: Application vsts does not exist
2018-02-21T05:49:24.3247035Z ##[section]Finishing: Deploy to Elastic Beanstalk: vsts
```

Although I have the vsts application ready in my AWS account. How to fix this?

stevejroberts commented 6 years ago

Are you able to use the service endpoint credentials on any other task (for example a simple upload of a file to an S3 bucket)?

The only two things that spring to mind are either

  1. The credentials in the endpoint are bad in some way
  2. The role that is being used by the task by virtue of the credentials does not have permissions to the relevant Beanstalk APIs that the task is trying to call.

alpacamybags118 commented 6 years ago

So I'm running into this exact same issue. We have a base account that assumes a role into other accounts to deploy to Elastic Beanstalk instances within the account. The role is managed via CloudFormation scripts. Elastic Beanstalk deployments have been working with most accounts that have this role, but we have a few where it isn't working.

I just tried uploading to an S3 bucket, and having it create the S3 bucket beforehand and I'm getting the same error.

```
message: 'Could not load credentials from TemporaryCredentials',
2018-02-22T22:48:39.9791148Z code: 'CredentialsError'
```

Also with that error, I also get this error:

```
message: 'The security token included in the request is invalid.',
2018-02-22T23:03:21.4143508Z code: 'InvalidClientTokenId',
```

I also had it try accessing an existing bucket and it said it couldn't find the bucket, but didn't give the credential error:

2018-02-22T22:47:52.2961434Z ##[error]Error: Bucket <bucketname> does not exist or you do not have access. Auto-create option not set, cannot continue.

The endpoint in TFS has the same secret and access key as all the other endpoints that use the same base account, and I validated that the role ARN that is entered is correct.

Here is a sample of the permissions that the role gives:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:HeadBucket",
        "s3:ListAllMyBuckets",
        "s3:ListBucket",
        "s3:ListObjects",
        "s3:GetObject",
        "s3:GetBucketAcl",
        "s3:GetBucketLocation",
        "s3:GetBucketPolicy",
        "s3:GetBucketTagging",
        "s3:GetBucketVersioning",
        "s3:GetObjectAcl",
        "s3:GetObjectTagging",
        "s3:PutObject",
        "s3:PutObjectTagging",
        "s3:PutObjectVersionTagging",
        "s3:DeleteObject",
        "ec2:DescribeSubnets",
        "ec2:DescribeImages",
        "ec2:DescribeVpcs",
        "ec2:DescribeKeyPairs",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeTags",
        "ec2:DescribeInstances",
        "elasticbeanstalk:Describe*",
        "elasticbeanstalk:CreateApplicationVersion",
        "elasticbeanstalk:UpdateEnvironment",
        "elasticbeanstalk:SwapEnvironmentCNAMEs",
        "elasticbeanstalk:CreateStorageLocation",
        "cloudformation:GetTemplate",
        "cloudformation:Describe*",
        "cloudformation:UpdateStack",
        "cloudformation:CancelUpdateStack",
        "autoscaling:SuspendProcesses",
        "autoscaling:ResumeProcesses",
        "autoscaling:Describe*",
        "elasticloadbalancing:Describe*",
        "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
        "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
        "elasticloadbalancing:DescribeInstanceHealth"
      ],
      "Resource": [
        "*"
      ],
      "Effect": "Allow"
    }
  ]
}
```

I also created a brand new endpoint in TFS to see if it could be something weird with the existing endpoint, but I'm getting the same error. Unfortunately, I don't have any admin level access to the account, so I can't really change anything directly, but based on what I can see, the role I am assuming should have all the permissions it needs and the credentials that I'm using are valid. Is there anything else I could check?
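
An added triage example, not part of the original thread or the toolkit's code: it sorts the error lines quoted in the comments above by the layer that raised them and checks the attempted API call against the Allow patterns of the quoted role policy. The layer mapping and all function names are assumptions based on general AWS SDK and STS behaviour, and the policy check ignores Deny statements, conditions and resource scoping.

```python
import fnmatch
import re

# Allow patterns taken from the role policy quoted above (subset of its actions).
ROLE_ACTIONS = ["s3:ListBucket", "s3:PutObject", "elasticbeanstalk:Describe*",
                "elasticbeanstalk:CreateApplicationVersion",
                "elasticbeanstalk:UpdateEnvironment"]

# Error lines from the thread's logs, timestamps trimmed.
FIRST_REPORT = [
    "DescribeApplications: error vsts returned querying for existence of "
    "application CredentialsError: Missing credentials in config",
    "##[error]Error: Application vsts does not exist",
]
SECOND_REPORT = [
    "message: 'Could not load credentials from TemporaryCredentials', code: 'CredentialsError'",
    "message: 'The security token included in the request is invalid.', code: 'InvalidClientTokenId'",
    "##[error]Error: Bucket <bucketname> does not exist or you do not have access.",
]

# Assumption (general AWS SDK / STS behaviour, not the toolkit's code): the layer
# that raises each code, ordered from the earliest point of failure to the latest.
LAYERS = [
    ("key-rejected", r"InvalidClientTokenId"),   # AWS did not accept the signing key
    ("credential-load", r"CredentialsError"),    # SDK never obtained credentials
    ("authorization", r"AccessDenied"),          # valid identity, policy said no
]

def classify(line):
    """Return the layer an error line points at, or 'symptom' if none matches."""
    for layer, pattern in LAYERS:
        if re.search(pattern, line):
            return layer
    return "symptom"

def policy_allows(action, patterns=ROLE_ACTIONS):
    """Simplified check: Allow patterns only; IAM action names are case-insensitive."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def triage(lines, attempted_action):
    """Pick the earliest failing layer and say whether the role policy covers the call."""
    seen = {classify(line) for line in lines}
    first = next((layer for layer, _ in LAYERS if layer in seen), "symptom")
    return {"check_first": first,
            "role_policy_allows": policy_allows(attempted_action)}

if __name__ == "__main__":
    print(triage(FIRST_REPORT, "elasticbeanstalk:DescribeApplications"))
    print(triage(SECOND_REPORT, "s3:CreateBucket"))
```

In both reports the failure sits in the credential layers, before the role's permission policy is evaluated, so the "does not exist" messages are symptoms of the earlier error.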

aryameenakshi5 commented 6 years ago

Thank you for your reply. Now I am able to successfully deploy the application. I created a new user with 'elasticbeanstalkfullaccess' role and saved the credentials of the new user in my vsts account. I provided only the access and secret key and left all the other fields.

stevejroberts commented 6 years ago

@alpacamybags118, I don't at a glance see anything obviously missing in the role permissions you quote. I'll set up a similar role in one of my test accounts and see if I can get to a similar error.

alpacamybags118 commented 6 years ago

@steveataws I just wanted to follow up and see if you had a chance to try this out? Thanks for your help, by the way!

stevejroberts commented 6 years ago

Sorry, as you can probably tell from the slow responses I've been distracted elsewhere. I'll try and get this bumped up in my priority stack but wanted to check - you are up and running now, correct?